Go to the source code of this file.
Macros | |
| #define | DetectEngineGetMaxSigId(de_ctx) ((de_ctx)->signum) |
Detailed Description
Definition in file detect-engine.h.
Macro Definition Documentation
◆ DetectEngineGetMaxSigId
Definition at line 93 of file detect-engine.h.
Function Documentation
◆ DetectAppLayerInspectEngineRegister()
| void DetectAppLayerInspectEngineRegister | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectEngineFuncPtr | Callback2, | ||
| InspectionBufferGetDataPtr | GetData | ||
| ) |
Registers an app inspection engine.
- Parameters
-
name Name of the detection list alproto App layer protocol for which we will register the engine. direction The direction for the engine: SIG_FLAG_TOSERVER or SIG_FLAG_TOCLIENT progress Minimal progress value for inspect engine to run Callback The engine callback.
Definition at line 272 of file detect-engine.c.
References DetectEngineAppInspectionEngine_::alproto, DetectEngineAppInspectionEngine_::Callback, DEBUG_VALIDATE_BUG_ON, DetectBufferTypeGetByName(), DetectEngineAppInspectionEngine_::dir, DetectEngineAppInspectionEngine_::GetData, name, DetectEngineAppInspectionEngine_::next, DetectEngineAppInspectionEngine_::progress, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, DetectEngineAppInspectionEngine_::sm_list, and DetectEngineAppInspectionEngine_::v2.
Referenced by DetectAppLayerEventRegister(), DetectAppLayerStateRegister(), DetectDceIfaceRegister(), DetectDceStubDataRegister(), DetectDNP3Register(), DetectDnsResponseRegister(), DetectFileRegisterFileProtocols(), DetectFtpdataRegister(), DetectFtpDynamicPortRegister(), DetectFtpModeRegister(), DetectFtpReplyReceivedRegister(), DetectHttp2Register(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectIkeChosenSaRegister(), DetectIkeExchTypeRegister(), DetectIkeKeyExchangePayloadLengthRegister(), DetectIkeKeyExchangeRegister(), DetectIkeNoncePayloadLengthRegister(), DetectIkeNonceRegister(), DetectIkeSpiRegister(), DetectJa4HashRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectKrb5TicketEncryptionRegister(), DetectLuaRegister(), DetectModbusRegister(), DetectNfsProcedureRegister(), DetectQuicSniRegister(), DetectQuicUaRegister(), DetectQuicVersionRegister(), DetectRegisterAppLayerHookLists(), DetectSipMethodRegister(), DetectSipUriRegister(), DetectSmbNamedPipeRegister(), DetectSmbNtlmsspDomainRegister(), DetectSmbNtlmsspUserRegister(), DetectSmbShareRegister(), DetectSmbVersionRegister(), DetectSshHasshRegister(), DetectSshHasshServerRegister(), DetectSshHasshServerStringRegister(), DetectSshHasshStringRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectSslStateRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsRandomBytesRegister(), DetectTlsRandomRegister(), DetectTlsRandomTimeRegister(), DetectTlsRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), SCDetectHelperBufferRegister(), and SCDetectSMTPRegister().
◆ DetectAppLayerInspectEngineRegisterSingle()
| void DetectAppLayerInspectEngineRegisterSingle | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectEngineFuncPtr | Callback2, | ||
| InspectionSingleBufferGetDataPtr | GetData | ||
| ) |
Definition at line 294 of file detect-engine.c.
References DetectEngineAppInspectionEngine_::alproto, DetectEngineAppInspectionEngine_::Callback, DEBUG_VALIDATE_BUG_ON, DetectBufferTypeGetByName(), DetectEngineAppInspectionEngine_::dir, DetectEngineAppInspectionEngine_::GetDataSingle, name, DetectEngineAppInspectionEngine_::next, DetectEngineAppInspectionEngine_::progress, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, DetectEngineAppInspectionEngine_::sm_list, and DetectEngineAppInspectionEngine_::v2.
Referenced by SCDetectHelperBufferMpmRegister().
◆ DetectAppLayerMultiRegister()
| void DetectAppLayerMultiRegister | ( | const char * | name, |
| AppProto | alproto, | ||
| uint32_t | dir, | ||
| int | progress, | ||
| InspectionMultiBufferGetDataPtr | GetData, | ||
| int | priority | ||
| ) |
Definition at line 2107 of file detect-engine.c.
References DetectAppLayerMpmMultiRegister(), DetectEngineInspectMultiBufferGeneric(), name, and PrefilterMultiGenericMpmRegister().
Referenced by DetectFtpCompletionCodeRegister(), DetectFtpReplyRegister(), DetectHttp2Register(), DetectHttpRequestHeaderRegister(), DetectHttpResponseHeaderRegister(), DetectIkeVendorRegister(), DetectKrb5CNameRegister(), DetectKrb5SNameRegister(), DetectQuicCyuHashRegister(), DetectQuicCyuStringRegister(), DetectTlsAlpnRegister(), DetectTlsCertsRegister(), DetectTlsSubjectAltNameRegister(), and SCDetectHelperMultiBufferProgressMpmRegister().
◆ DetectBufferIsPresent()
| bool DetectBufferIsPresent | ( | const Signature * | s, |
| const uint32_t | buf_id | ||
| ) |
Definition at line 1511 of file detect-engine.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, SignatureInitDataBuffer_::id, and Signature_::init_data.
◆ DetectBufferTypeCloseRegistration()
| void DetectBufferTypeCloseRegistration | ( | void | ) |
Definition at line 1655 of file detect-engine.c.
References BUG_ON.
Referenced by SigTableSetup().
◆ DetectBufferTypeGetByName()
| int DetectBufferTypeGetByName | ( | const char * | name | ) |
Definition at line 1277 of file detect-engine.c.
References DetectBufferType_::id, and name.
Referenced by DcePayloadRegisterTests(), DetectAppLayerEventRegister(), DetectAppLayerInspectEngineRegister(), DetectAppLayerInspectEngineRegisterSingle(), DetectAppLayerStateRegister(), DetectDceStubDataRegister(), DetectDnsResponseRegister(), DetectEngineAppInspectionEngine2Signature(), DetectFiledataRegister(), DetectFrameMpmRegister(), DetectFtpbounceRegister(), DetectFtpCommandDataRegister(), DetectFtpCompletionCodeRegister(), DetectFtpdataRegister(), DetectFtpDynamicPortRegister(), DetectFtpModeRegister(), DetectFtpReplyReceivedRegister(), DetectFtpReplyRegister(), DetectHttp2Register(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseHeaderRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectIkeChosenSaRegister(), DetectIkeExchTypeRegister(), DetectIkeKeyExchangePayloadLengthRegister(), DetectIkeKeyExchangeRegister(), DetectIkeNoncePayloadLengthRegister(), DetectIkeNonceRegister(), DetectIkeSpiRegister(), DetectIkeVendorRegister(), DetectJa4HashRegister(), DetectKrb5CNameRegister(), DetectKrb5SNameRegister(), DetectModbusRegister(), DetectNfsProcedureRegister(), DetectNfsVersionRegister(), DetectPktInspectEngineRegister(), DetectPktMpmRegister(), DetectQuicCyuHashRegister(), DetectQuicCyuStringRegister(), DetectQuicSniRegister(), DetectQuicUaRegister(), DetectQuicVersionRegister(), DetectSipMethodRegister(), DetectSipUriRegister(), DetectSmbNamedPipeRegister(), DetectSmbNtlmsspDomainRegister(), DetectSmbNtlmsspUserRegister(), DetectSmbShareRegister(), DetectSshHasshRegister(), DetectSshHasshServerRegister(), DetectSshHasshServerStringRegister(), DetectSshHasshStringRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectTlsAlpnRegister(), DetectTlsCertChainLenRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsRandomBytesRegister(), DetectTlsRandomRegister(), DetectTlsRandomTimeRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectAltNameRegister(), DetectTlsSubjectRegister(), DetectTlsValidityRegister(), SCDetectHelperBufferMpmRegister(), SCDetectHelperMultiBufferProgressMpmRegister(), and SCDetectSMTPRegister().
◆ DetectBufferTypeGetDescriptionByName()
| const char * DetectBufferTypeGetDescriptionByName | ( | const char * | name | ) |
Definition at line 1394 of file detect-engine.c.
References DetectBufferType_::description, and name.
◆ DetectBufferTypeMaxId()
| int DetectBufferTypeMaxId | ( | void | ) |
Definition at line 1034 of file detect-engine.c.
◆ DetectBufferTypeRegister()
| int DetectBufferTypeRegister | ( | const char * | name | ) |
Definition at line 1213 of file detect-engine.c.
References BUG_ON, DetectBufferType_::id, and name.
Referenced by DetectBufferTypeRegisterSetupCallback(), DetectBufferTypeRegisterValidateCallback(), DetectBufferTypeSupportsFrames(), DetectBufferTypeSupportsMpm(), DetectBufferTypeSupportsMultiInstance(), DetectBufferTypeSupportsPacket(), DetectBufferTypeSupportsTransformations(), DetectDceIfaceRegister(), DetectDceOpnumRegister(), DetectDNP3Register(), DetectFileMd5Register(), DetectFilenameRegister(), DetectFileSha1Register(), DetectFileSha256Register(), DetectFilesizeRegister(), DetectFilestoreRegister(), DetectHttp2Register(), DetectHttpServerBodyRegister(), DetectIcmpv4HdrRegister(), DetectICMPv6hdrRegister(), DetectIPAddrBufferRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectKrb5TicketEncryptionRegister(), DetectLuaRegister(), DetectPktInspectEngineRegister(), DetectSmbVersionRegister(), DetectSslStateRegister(), DetectSslVersionRegister(), DetectTcphdrRegister(), DetectTlsRegister(), DetectTlsVersionRegister(), DetectUdphdrRegister(), DetectUricontentRegister(), DetectUrilenRegister(), and SCDetectHelperBufferRegister().
◆ DetectBufferTypeRegisterSetupCallback()
| void DetectBufferTypeRegisterSetupCallback | ( | const char * | name, |
| void(*)(const DetectEngineCtx *, Signature *) | Callback | ||
| ) |
Definition at line 1471 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), name, and DetectBufferType_::SetupCallback.
Referenced by DetectFiledataRegister(), DetectHttpClientBodyRegister(), DetectHttpUriRegister(), DetectSipUriRegister(), DetectSshHasshRegister(), DetectSshHasshServerRegister(), DetectTlsFingerprintRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), and DetectTlsSerialRegister().
◆ DetectBufferTypeRegisterValidateCallback()
| void DetectBufferTypeRegisterValidateCallback | ( | const char * | name, |
| bool(*)(const Signature *, const char **sigerror, const DetectBufferType *) | ValidateCallback | ||
| ) |
Definition at line 1489 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), name, and DetectBufferType_::ValidateCallback.
Referenced by DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpUriRegister(), DetectQuicCyuHashRegister(), DetectSipMethodRegister(), DetectSipUriRegister(), DetectSshHasshRegister(), DetectSshHasshServerRegister(), DetectTlsFingerprintRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), and DetectTlsSerialRegister().
◆ DetectBufferTypeSetDescriptionByName()
| void DetectBufferTypeSetDescriptionByName | ( | const char * | name, |
| const char * | desc | ||
| ) |
Definition at line 1374 of file detect-engine.c.
References BUG_ON, DetectBufferType_::description, name, and strlcpy().
Referenced by DetectDnsResponseRegister(), DetectFiledataRegister(), DetectFilenameRegister(), DetectFtpCommandDataRegister(), DetectFtpCompletionCodeRegister(), DetectFtpDynamicPortRegister(), DetectFtpModeRegister(), DetectFtpReplyRegister(), DetectHttp2Register(), DetectHttpClientBodyRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseHeaderRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectIkeKeyExchangeRegister(), DetectIkeNonceRegister(), DetectIkeSpiRegister(), DetectJa4HashRegister(), DetectKrb5CNameRegister(), DetectKrb5SNameRegister(), DetectQuicCyuHashRegister(), DetectQuicCyuStringRegister(), DetectSipMethodRegister(), DetectSipUriRegister(), DetectSshHasshRegister(), DetectSshHasshServerRegister(), DetectSshHasshServerStringRegister(), DetectSshHasshStringRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectSslStateRegister(), DetectTlsAlpnRegister(), DetectTlsCertsRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsRandomBytesRegister(), DetectTlsRandomRegister(), DetectTlsRandomTimeRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectAltNameRegister(), DetectTlsSubjectRegister(), SCDetectHelperBufferMpmRegister(), SCDetectHelperMultiBufferProgressMpmRegister(), and SCDetectSMTPRegister().
◆ DetectBufferTypeSupportsFrames()
| void DetectBufferTypeSupportsFrames | ( | const char * | name | ) |
Definition at line 1237 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::frame, DetectBufferType_::id, name, and SCLogDebug.
Referenced by DetectFrameMpmRegister().
◆ DetectBufferTypeSupportsMpm()
| void DetectBufferTypeSupportsMpm | ( | const char * | name | ) |
Definition at line 1257 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, DetectBufferType_::mpm, name, and SCLogDebug.
Referenced by DetectFrameMpmRegister(), and DetectPktMpmRegister().
◆ DetectBufferTypeSupportsMultiInstance()
| void DetectBufferTypeSupportsMultiInstance | ( | const char * | name | ) |
Definition at line 1227 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, DetectBufferType_::multi_instance, name, and SCLogDebug.
Referenced by DetectDnsResponseRegister(), DetectFiledataRegister(), DetectFilenameRegister(), DetectHttp2Register(), DetectHttpRequestHeaderRegister(), DetectHttpResponseHeaderRegister(), DetectIkeVendorRegister(), DetectKrb5CNameRegister(), DetectKrb5SNameRegister(), DetectQuicCyuHashRegister(), DetectQuicCyuStringRegister(), DetectTlsAlpnRegister(), DetectTlsCertsRegister(), DetectTlsSubjectAltNameRegister(), DetectTlsSubjectRegister(), and SCDetectHelperMultiBufferProgressMpmRegister().
◆ DetectBufferTypeSupportsPacket()
| void DetectBufferTypeSupportsPacket | ( | const char * | name | ) |
Definition at line 1247 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, name, DetectBufferType_::packet, and SCLogDebug.
Referenced by DetectIcmpv4HdrRegister(), DetectICMPv6hdrRegister(), DetectIPAddrBufferRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectTcphdrRegister(), and DetectUdphdrRegister().
◆ DetectBufferTypeSupportsTransformations()
| void DetectBufferTypeSupportsTransformations | ( | const char * | name | ) |
Definition at line 1267 of file detect-engine.c.
References BUG_ON, DetectBufferTypeRegister(), DetectBufferType_::id, name, SCLogDebug, and DetectBufferType_::supports_transforms.
Referenced by DetectFrameMpmRegister(), and DetectPktMpmRegister().
◆ DetectEngineAddToMaster()
| int DetectEngineAddToMaster | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 4662 of file detect-engine.c.
References de_ctx, DetectEngineMasterCtx_::lock, SCLogDebug, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineReload(), and PostConfLoadedDetectSetup().
◆ DetectEngineAppInspectionEngine2Signature()
| int DetectEngineAppInspectionEngine2Signature | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
- Note
- for the file inspect engine, the id DE_STATE_ID_FILE_INSPECT is assigned.
Definition at line 800 of file detect-engine.c.
References DetectEngineAppInspectionEngine_::alproto, SignatureHook_::alproto, SignatureHook_::app, Signature_::app_inspect, DetectEngineCtx_::app_inspect_engines, SignatureHook_::app_progress, SignatureInitData_::buffer_index, SignatureInitData_::buffers, BUG_ON, DetectEngineTransforms::cnt, de_ctx, DE_STATE_FLAG_BASE, DETECT_SM_LIST_PMATCH, DetectBufferTypeGetByName(), DetectEngineBufferTypeGetById(), DetectEngineBufferTypeGetNameById(), DetectEngineAppInspectionEngine_::dir, FatalError, Signature_::flags, DetectBufferType_::frame, DetectEngineCtx_::frame_inspect_engines, SignatureInitDataBuffer_::head, SignatureInitData_::hook, DetectEngineAppInspectionEngine_::id, DetectBufferType_::id, SignatureInitDataBuffer_::id, Signature_::id, Signature_::init_data, SignatureInitData_::init_flags, SignatureInitData_::mpm_sm, SignatureInitData_::mpm_sm_list, DetectBufferType_::name, DetectEngineAppInspectionEngine_::next, DetectEnginePktInspectionEngine::next, DetectEngineFrameInspectionEngine::next, SignatureInitDataBuffer_::only_tc, SignatureInitDataBuffer_::only_ts, DetectBufferType_::packet, DetectBufferType_::parent_id, DetectEngineCtx_::pkt_inspect_engines, DetectEngineAppInspectionEngine_::progress, SCLogDebug, SIG_FLAG_FLUSH, SIG_FLAG_INIT_NEED_FLUSH, SIG_FLAG_INIT_STATE_MATCH, SIG_FLAG_TOCLIENT, SIG_FLAG_TOSERVER, SIG_FLAG_TXBOTHDIR, SigMatchList2DataArray(), SIGNATURE_HOOK_TYPE_APP, DetectEngineAppInspectionEngine_::sm_list, DetectEnginePktInspectionEngine::sm_list, DetectEngineFrameInspectionEngine::sm_list, SignatureHook_::sm_list, SignatureInitData_::smlists, SignatureHook_::t, DetectBufferType_::transforms, and SignatureHook_::type.
◆ DetectEngineAppInspectionEngineSignatureFree()
| void DetectEngineAppInspectionEngineSignatureFree | ( | DetectEngineCtx * | de_ctx, |
| Signature * | s | ||
| ) |
free app inspect engines for a signature
For lists that are registered multiple times, like http_header and http_cookie, making the engines owner of the lists is complicated. Multiple engines in a sig may be pointing to the same list. To address this the 'free' code needs to be extra careful about not double freeing, so it takes an approach to first fill an array of the to-free pointers before freeing them.
Definition at line 928 of file detect-engine.c.
References Signature_::app_inspect, BUG_ON, SigMatchData_::ctx, de_ctx, Signature_::frame_inspect, SigTableElmt_::Free, SigMatchData_::is_last, next, DetectEngineAppInspectionEngine_::next, DetectEnginePktInspectionEngine::next, DetectEngineFrameInspectionEngine::next, Signature_::pkt_inspect, SCFree, sigmatch_table, DetectEngineAppInspectionEngine_::smd, DetectEnginePktInspectionEngine::smd, DetectEngineFrameInspectionEngine::smd, and SigMatchData_::type.
Referenced by SigFree().
◆ DetectEngineBufferRunSetupCallback()
| void DetectEngineBufferRunSetupCallback | ( | const DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| Signature * | s | ||
| ) |
Definition at line 1481 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), and DetectBufferType_::SetupCallback.
Referenced by SigPrepareStage1().
◆ DetectEngineBufferRunValidateCallback()
| bool DetectEngineBufferRunValidateCallback | ( | const DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| const Signature * | s, | ||
| const char ** | sigerror | ||
| ) |
Definition at line 1500 of file detect-engine.c.
References DetectEngineTransforms::cnt, de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::transforms, and DetectBufferType_::ValidateCallback.
◆ DetectEngineBufferTypeGetById()
| const DetectBufferType * DetectEngineBufferTypeGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1297 of file detect-engine.c.
References DetectEngineCtx_::buffer_type_hash_id, de_ctx, HashListTableLookup(), id, and DetectBufferType_::id.
Referenced by DetectEngineAppInspectionEngine2Signature(), DetectEngineBufferRunSetupCallback(), DetectEngineBufferRunValidateCallback(), DetectEngineBufferTypeGetByIdTransforms(), DetectEngineBufferTypeGetDescriptionById(), DetectEngineBufferTypeGetNameById(), DetectEngineBufferTypeRegisterWithFrameEngines(), DetectEngineBufferTypeSupportsFramesGetById(), DetectEngineBufferTypeSupportsMpmGetById(), DetectEngineBufferTypeSupportsMultiInstanceGetById(), DetectEngineBufferTypeSupportsPacketGetById(), and DetectEngineBufferTypeValidateTransform().
◆ DetectEngineBufferTypeGetByIdTransforms()
| int DetectEngineBufferTypeGetByIdTransforms | ( | DetectEngineCtx * | de_ctx, |
| const int | id, | ||
| TransformData * | transforms, | ||
| int | transform_cnt | ||
| ) |
Definition at line 1662 of file detect-engine.c.
References DetectEngineCtx_::buffer_type_hash_id, DetectEngineCtx_::buffer_type_hash_name, DetectEngineCtx_::buffer_type_id, BUG_ON, DetectEngineTransforms::cnt, de_ctx, DetectAppLayerMpmRegisterByParentId(), DetectEngineBufferTypeGetById(), DetectFrameMpmRegisterByParentId(), DetectPktMpmRegisterByParentId(), DetectBufferType_::frame, HashListTableAdd(), HashListTableLookup(), DetectBufferType_::id, DetectBufferType_::mpm, DetectBufferType_::name, DetectBufferType_::packet, DetectBufferType_::parent_id, SCCalloc, SCLogDebug, SCLogError, DetectBufferType_::SetupCallback, strlcpy(), DetectBufferType_::supports_transforms, DetectEngineTransforms::transforms, DetectBufferType_::transforms, and DetectBufferType_::ValidateCallback.
Referenced by DetectBufferGetActiveList().
◆ DetectEngineBufferTypeGetDescriptionById()
| const char * DetectEngineBufferTypeGetDescriptionById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1385 of file detect-engine.c.
References de_ctx, DetectBufferType_::description, and DetectEngineBufferTypeGetById().
Referenced by EngineAnalysisFP().
◆ DetectEngineBufferTypeGetNameById()
| const char * DetectEngineBufferTypeGetNameById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1307 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), and DetectBufferType_::name.
Referenced by DetectEngineAppInspectionEngine2Signature(), DumpPatterns(), EngineAnalysisFP(), EngineAnalysisRules2(), RetrieveFPForSig(), and SCDetectBufferSetActiveList().
◆ DetectEngineBufferTypeRegister()
| int DetectEngineBufferTypeRegister | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1364 of file detect-engine.c.
References de_ctx, DetectBufferType_::id, and name.
Referenced by DetectEngineFrameInspectEngineRegister(), and DetectEngineFrameMpmRegister().
◆ DetectEngineBufferTypeRegisterWithFrameEngines()
| int DetectEngineBufferTypeRegisterWithFrameEngines | ( | DetectEngineCtx * | de_ctx, |
| const char * | name, | ||
| const int | direction, | ||
| const AppProto | alproto, | ||
| const uint8_t | frame_type | ||
| ) |
Definition at line 1330 of file detect-engine.c.
References BUG_ON, de_ctx, DetectEngineBufferTypeGetById(), DetectEngineFrameInspectEngineRegister(), DetectEngineFrameMpmRegister(), DetectEngineInspectFrameBufferGeneric(), DetectBufferType_::id, DetectBufferType_::name, name, PrefilterGenericMpmFrameRegister(), SIG_FLAG_TOCLIENT, and SIG_FLAG_TOSERVER.
◆ DetectEngineBufferTypeSupportsFrames()
| void DetectEngineBufferTypeSupportsFrames | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1403 of file detect-engine.c.
References BUG_ON, de_ctx, DetectBufferType_::frame, DetectBufferType_::id, name, and SCLogDebug.
Referenced by DetectEngineFrameMpmRegister().
◆ DetectEngineBufferTypeSupportsFramesGetById()
| bool DetectEngineBufferTypeSupportsFramesGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1462 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::frame, and SCLogDebug.
Referenced by SignatureSetType().
◆ DetectEngineBufferTypeSupportsMpm()
| void DetectEngineBufferTypeSupportsMpm | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1419 of file detect-engine.c.
References BUG_ON, de_ctx, DetectBufferType_::id, DetectBufferType_::mpm, name, and SCLogDebug.
Referenced by DetectEngineFrameMpmRegister().
◆ DetectEngineBufferTypeSupportsMpmGetById()
| bool DetectEngineBufferTypeSupportsMpmGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1453 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::mpm, and SCLogDebug.
Referenced by DetectGetLastSMFromMpmLists(), and FastPatternSupportEnabledForSigMatchList().
◆ DetectEngineBufferTypeSupportsMultiInstanceGetById()
| bool DetectEngineBufferTypeSupportsMultiInstanceGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1435 of file detect-engine.c.
References BOOL2STR, de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::multi_instance, and SCLogDebug.
Referenced by DetectBufferGetActiveList(), and SCDetectBufferSetActiveList().
◆ DetectEngineBufferTypeSupportsPacket()
| void DetectEngineBufferTypeSupportsPacket | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1411 of file detect-engine.c.
References BUG_ON, de_ctx, DetectBufferType_::id, name, DetectBufferType_::packet, and SCLogDebug.
◆ DetectEngineBufferTypeSupportsPacketGetById()
| bool DetectEngineBufferTypeSupportsPacketGetById | ( | const DetectEngineCtx * | de_ctx, |
| const int | id | ||
| ) |
Definition at line 1444 of file detect-engine.c.
References de_ctx, DetectEngineBufferTypeGetById(), DetectBufferType_::packet, and SCLogDebug.
Referenced by SignatureSetType().
◆ DetectEngineBufferTypeSupportsTransformations()
| void DetectEngineBufferTypeSupportsTransformations | ( | DetectEngineCtx * | de_ctx, |
| const char * | name | ||
| ) |
Definition at line 1427 of file detect-engine.c.
References BUG_ON, de_ctx, DetectBufferType_::id, name, SCLogDebug, and DetectBufferType_::supports_transforms.
Referenced by DetectEngineFrameMpmRegister().
◆ DetectEngineBufferTypeValidateTransform()
| bool DetectEngineBufferTypeValidateTransform | ( | DetectEngineCtx * | de_ctx, |
| int | sm_list, | ||
| const uint8_t * | content, | ||
| uint16_t | content_len, | ||
| const char ** | namestr | ||
| ) |
Check content byte array compatibility with transforms.
The "content" array is presented to the transforms so that each transform may validate that it's compatible with the transform.
When a transform indicates the byte array is incompatible, none of the subsequent transforms, if any, are invoked. This means the first validation failure terminates the loop.
- Parameters
-
de_ctx Detection engine context. sm_list The SM list id. content The byte array being validated namestr returns the name of the transform that is incompatible with content.
- Return values
-
true (false) If any of the transforms indicate the byte array is (is not) compatible.
Definition at line 1539 of file detect-engine.c.
References BUG_ON, DetectEngineTransforms::cnt, de_ctx, DetectEngineBufferTypeGetById(), SigTableElmt_::name, TransformData_::options, sigmatch_table, TransformData_::transform, DetectEngineTransforms::transforms, DetectBufferType_::transforms, and SigTableElmt_::TransformValidate.
Referenced by DetectContentSetup().
◆ DetectEngineBumpVersion()
| void DetectEngineBumpVersion | ( | void | ) |
Definition at line 3836 of file detect-engine.c.
References DetectEngineMasterCtx_::lock, SCLogDebug, SCMutexLock, SCMutexUnlock, and DetectEngineMasterCtx_::version.
Referenced by DetectEngineMTApply(), DetectEngineReload(), and PostConfLoadedDetectSetup().
◆ DetectEngineClearMaster()
| void DetectEngineClearMaster | ( | void | ) |
Definition at line 4762 of file detect-engine.c.
References DEBUG_VALIDATE_BUG_ON, DetectEnginePruneFreeList(), DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, next, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, and SCMutexUnlock.
Referenced by GlobalsDestroy().
◆ DetectEngineCtxFree()
| void DetectEngineCtxFree | ( | DetectEngineCtx * | de_ctx | ) |
Free a DetectEngineCtx::
- Parameters
-
de_ctx DetectEngineCtx:: to be freed
Definition at line 2641 of file detect-engine.c.
Referenced by DetectEnginePruneFreeList(), and DetectEngineReload().
◆ DetectEngineCtxInit()
| DetectEngineCtx * DetectEngineCtxInit | ( | void | ) |
Definition at line 2602 of file detect-engine.c.
Referenced by DetectEngineCtxInitWithPrefix().
◆ DetectEngineCtxInitStubForDD()
| DetectEngineCtx * DetectEngineCtxInitStubForDD | ( | void | ) |
Definition at line 2597 of file detect-engine.c.
References DETECT_ENGINE_TYPE_DD_STUB.
Referenced by PostConfLoadedDetectSetup().
◆ DetectEngineCtxInitStubForMT()
| DetectEngineCtx * DetectEngineCtxInitStubForMT | ( | void | ) |
Definition at line 2592 of file detect-engine.c.
References DETECT_ENGINE_TYPE_MT_STUB.
Referenced by DetectEngineMTApply(), and PostConfLoadedDetectSetup().
◆ DetectEngineCtxInitWithPrefix()
| DetectEngineCtx * DetectEngineCtxInitWithPrefix | ( | const char * | prefix, |
| uint32_t | tenant_id | ||
| ) |
Definition at line 2607 of file detect-engine.c.
References DETECT_ENGINE_TYPE_NORMAL, and DetectEngineCtxInit().
Referenced by DetectEngineReload().
◆ DetectEngineDeReference()
| void DetectEngineDeReference | ( | DetectEngineCtx ** | de_ctx | ) |
Definition at line 4638 of file detect-engine.c.
References de_ctx, and DEBUG_VALIDATE_BUG_ON.
Referenced by DetectEngineReload(), DetectEngineThreadCtxInitForReload(), GlobalsDestroy(), and SCDetectEngineRegisterRateFilterCallback().
◆ DetectEngineEnabled()
| int DetectEngineEnabled | ( | void | ) |
Check if detection is enabled.
- Return values
-
bool true or false
Definition at line 3812 of file detect-engine.c.
References DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, SCMutexLock, and SCMutexUnlock.
◆ DetectEngineFrameInspectEngineRegister()
| void DetectEngineFrameInspectEngineRegister | ( | DetectEngineCtx * | de_ctx, |
| const char * | name, | ||
| int | dir, | ||
| InspectionBufferFrameInspectFunc | Callback, | ||
| AppProto | alproto, | ||
| uint8_t | type | ||
| ) |
register inspect engine at start up time
- Note
- errors are fatal
Definition at line 450 of file detect-engine.c.
References DetectEngineFrameInspectionEngine::alproto, BUG_ON, DetectEngineFrameInspectionEngine::Callback, de_ctx, DETECT_SM_LIST_MATCH, DetectEngineBufferTypeRegister(), DetectEngineFrameInspectionEngine::dir, FatalError, DetectEngineCtx_::frame_inspect_engines, name, DetectEngineFrameInspectionEngine::next, SCCalloc, SCLogError, SIG_FLAG_TOSERVER, DetectEngineFrameInspectionEngine::sm_list, DetectEngineFrameInspectionEngine::sm_list_base, type, DetectEngineFrameInspectionEngine::type, unlikely, and DetectEngineFrameInspectionEngine::v1.
Referenced by DetectEngineBufferTypeRegisterWithFrameEngines().
◆ DetectEngineGetByTenantId()
| DetectEngineCtx * DetectEngineGetByTenantId | ( | uint32_t | tenant_id | ) |
Definition at line 4612 of file detect-engine.c.
References de_ctx, DETECT_ENGINE_TYPE_TENANT, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCMutexLock, SCMutexUnlock, DetectEngineCtx_::tenant_id, and DetectEngineCtx_::type.
◆ DetectEngineGetCurrent()
| DetectEngineCtx * DetectEngineGetCurrent | ( | void | ) |
Definition at line 3845 of file detect-engine.c.
References de_ctx, DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, SCMutexUnlock, and DetectEngineCtx_::type.
Referenced by DetectEngineReload(), DetectEngineThreadCtxInit(), GlobalsDestroy(), LLVMFuzzerTestOneInput(), and SCDetectEngineRegisterRateFilterCallback().
◆ DetectEngineGetVersion()
| uint32_t DetectEngineGetVersion | ( | void | ) |
Definition at line 3826 of file detect-engine.c.
References DetectEngineMasterCtx_::lock, SCMutexLock, SCMutexUnlock, version, and DetectEngineMasterCtx_::version.
◆ DetectEngineInspectBufferGeneric()
| uint8_t DetectEngineInspectBufferGeneric | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineAppInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect f Flow flags app layer flags state App layer state
- Return values
-
0 no match. 1 match. 2 Sig can't match.
Definition at line 2057 of file detect-engine.c.
References Flow_::alproto, AppLayerParserGetStateProgress(), de_ctx, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspection(), flags, InspectionBuffer::flags, DetectEngineAppInspectionEngine_::GetData, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::inspect_offset, DetectEngineAppInspectionEngine_::match_on_null, DetectEngineAppInspectionEngine_::mpm, offset, DetectEngineAppInspectionEngine_::progress, Flow_::proto, SCLogDebug, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineAppInspectionEngine_::transforms, unlikely, and DetectEngineAppInspectionEngine_::v2.
Referenced by DetectDceStubDataRegister(), DetectHttpCookieRegister(), DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpHHRegister(), DetectHttpMethodRegister(), DetectHttpProtocolRegister(), DetectHttpRawHeaderRegister(), DetectHttpRequestLineRegister(), DetectHttpResponseLineRegister(), DetectHttpStartRegister(), DetectHttpStatCodeRegister(), DetectHttpStatMsgRegister(), DetectHttpUARegister(), DetectHttpUriRegister(), DetectIkeKeyExchangeRegister(), DetectIkeNonceRegister(), DetectIkeSpiRegister(), DetectJa4HashRegister(), DetectQuicSniRegister(), DetectQuicUaRegister(), DetectQuicVersionRegister(), DetectSipMethodRegister(), DetectSipUriRegister(), DetectSmbNamedPipeRegister(), DetectSmbNtlmsspDomainRegister(), DetectSmbNtlmsspUserRegister(), DetectSmbShareRegister(), DetectSshHasshRegister(), DetectSshHasshServerRegister(), DetectSshHasshServerStringRegister(), DetectSshHasshStringRegister(), DetectSshProtocolRegister(), DetectSshSoftwareRegister(), DetectTlsFingerprintRegister(), DetectTlsIssuerRegister(), DetectTlsJa3HashRegister(), DetectTlsJa3SHashRegister(), DetectTlsJa3SStringRegister(), DetectTlsJa3StringRegister(), DetectTlsRandomBytesRegister(), DetectTlsRandomRegister(), DetectTlsRandomTimeRegister(), DetectTlsSerialRegister(), DetectTlsSniRegister(), DetectTlsSubjectRegister(), and SCDetectSMTPRegister().
◆ DetectEngineInspectBufferSingle()
| uint8_t DetectEngineInspectBufferSingle | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineAppInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect f Flow flags app layer flags state App layer state
- Return values
-
0 no match. 1 match. 2 Sig can't match.
Definition at line 1996 of file detect-engine.c.
References Flow_::alproto, AppLayerParserGetStateProgress(), de_ctx, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspection(), DetectGetSingleData(), flags, InspectionBuffer::flags, DetectEngineAppInspectionEngine_::GetDataSingle, InspectionBuffer::inspect, InspectionBuffer::inspect_len, InspectionBuffer::inspect_offset, DetectEngineAppInspectionEngine_::match_on_null, DetectEngineAppInspectionEngine_::mpm, offset, DetectEngineAppInspectionEngine_::progress, Flow_::proto, SCLogDebug, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineAppInspectionEngine_::transforms, unlikely, and DetectEngineAppInspectionEngine_::v2.
Referenced by SCDetectHelperBufferMpmRegister().
◆ DetectEngineInspectGenericList()
| uint8_t DetectEngineInspectGenericList | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const struct DetectEngineAppInspectionEngine_ * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect sm SigMatch to inspect f Flow flags app layer flags state App layer state
- Return values
-
0 no match 1 match
Definition at line 1954 of file detect-engine.c.
References SigMatchData_::ctx, DETECT_ENGINE_INSPECT_SIG_CANT_MATCH, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, flags, SigMatchData_::is_last, KEYWORD_PROFILING_END, KEYWORD_PROFILING_START, SCLogDebug, sigmatch_table, DetectEngineAppInspectionEngine_::smd, and SigMatchData_::type.
Referenced by DetectDceIfaceRegister(), DetectDNP3Register(), DetectFtpdataRegister(), DetectFtpDynamicPortRegister(), DetectFtpModeRegister(), DetectFtpReplyReceivedRegister(), DetectHttp2Register(), DetectIkeChosenSaRegister(), DetectIkeExchTypeRegister(), DetectIkeKeyExchangePayloadLengthRegister(), DetectIkeNoncePayloadLengthRegister(), DetectKrb5ErrCodeRegister(), DetectKrb5MsgTypeRegister(), DetectKrb5TicketEncryptionRegister(), DetectLuaRegister(), DetectModbusRegister(), DetectNfsProcedureRegister(), DetectRegisterAppLayerHookLists(), DetectSmbVersionRegister(), DetectSslStateRegister(), DetectTlsRegister(), and SCDetectHelperBufferRegister().
◆ DetectEngineInspectMultiBufferGeneric()
| uint8_t DetectEngineInspectMultiBufferGeneric | ( | DetectEngineCtx * | de_ctx, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const DetectEngineAppInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| uint8_t | flags, | ||
| void * | alstate, | ||
| void * | txv, | ||
| uint64_t | tx_id | ||
| ) |
Definition at line 2157 of file detect-engine.c.
References Flow_::alproto, AppLayerParserGetStateProgress(), de_ctx, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspectionBuffer(), DetectGetMultiData(), flags, DetectEngineAppInspectionEngine_::GetMultiData, InspectionBuffer::inspect, DetectEngineAppInspectionEngine_::match_on_null, DetectEngineAppInspectionEngine_::mpm, DetectEngineAppInspectionEngine_::progress, Flow_::proto, DetectEngineAppInspectionEngine_::sm_list, DetectEngineAppInspectionEngine_::smd, DetectEngineAppInspectionEngine_::transforms, and DetectEngineAppInspectionEngine_::v2.
Referenced by DetectAppLayerMultiRegister().
◆ DetectEngineInspectPktBufferGeneric()
| int DetectEngineInspectPktBufferGeneric | ( | DetectEngineThreadCtx * | det_ctx, |
| const DetectEnginePktInspectionEngine * | engine, | ||
| const Signature * | s, | ||
| Packet * | p, | ||
| uint8_t * | _alert_flags | ||
| ) |
Do the content inspection & validation for a signature.
- Parameters
-
de_ctx Detection engine context det_ctx Detection engine thread context s Signature to inspect p Packet
- Return values
-
0 no match. 1 match.
Definition at line 2205 of file detect-engine.c.
References DetectEngineThreadCtx_::de_ctx, DETECT_CI_FLAGS_END, DETECT_CI_FLAGS_START, DETECT_ENGINE_CONTENT_INSPECTION_MODE_HEADER, DETECT_ENGINE_INSPECT_SIG_MATCH, DETECT_ENGINE_INSPECT_SIG_NO_MATCH, DetectEngineContentInspection(), InspectionBuffer::flags, Packet_::flow, DetectEnginePktInspectionEngine::GetData, InspectionBuffer::inspect, InspectionBuffer::inspect_len, DetectEnginePktInspectionEngine::mpm, SCLogDebug, DetectEnginePktInspectionEngine::sm_list, DetectEnginePktInspectionEngine::smd, DetectEnginePktInspectionEngine::transforms, unlikely, and DetectEnginePktInspectionEngine::v1.
Referenced by DetectIcmpv4HdrRegister(), DetectICMPv6hdrRegister(), DetectIPAddrBufferRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectTcphdrRegister(), and DetectUdphdrRegister().
◆ DetectEngineLoadTenantBlocking()
| int DetectEngineLoadTenantBlocking | ( | uint32_t | tenant_id, |
| const char * | yaml | ||
| ) |
Load a tenant and wait for loading to complete.
Definition at line 4136 of file detect-engine.c.
References DetectLoadersSync().
◆ DetectEngineMoveToFreeList()
| int DetectEngineMoveToFreeList | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 4722 of file detect-engine.c.
References de_ctx, DetectEngineMasterCtx_::lock, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineReload(), and GlobalsDestroy().
◆ DetectEngineMpmCachingEnabled()
| bool DetectEngineMpmCachingEnabled | ( | void | ) |
Definition at line 2462 of file detect-engine.c.
References SCConfGetBool().
Referenced by DetectEngineMpmCachingGetPath().
◆ DetectEngineMpmCachingGetPath()
| const char * DetectEngineMpmCachingGetPath | ( | void | ) |
Definition at line 2471 of file detect-engine.c.
References DetectEngineMpmCachingEnabled(), SCConfGet(), and SCLogInfo.
◆ DetectEngineMTApply()
| int DetectEngineMTApply | ( | void | ) |
Definition at line 4913 of file detect-engine.c.
References DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_MT_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineBumpVersion(), DetectEngineCtxInitStubForMT(), DetectEnginePruneFreeList(), DetectEngineMasterCtx_::list, DetectEngineMasterCtx_::lock, DetectEngineCtx_::next, SCLogDebug, SCLogInfo, SCMutexLock, SCMutexUnlock, DetectEngineCtx_::tenant_id, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_UNKNOWN, and DetectEngineCtx_::type.
◆ DetectEngineMultiTenantEnabled()
| bool DetectEngineMultiTenantEnabled | ( | void | ) |
Definition at line 3876 of file detect-engine.c.
References DetectEngineMasterCtx_::lock, DetectEngineMasterCtx_::multi_tenant_enabled, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineThreadCtxInit(), DetectEngineThreadCtxInitForReload(), and SigGroupBuild().
◆ DetectEngineMultiTenantSetup()
| int DetectEngineMultiTenantSetup | ( | const bool | unix_socket | ) |
setup multi-detect / multi-tenancy
See if MT is enabled. If so, setup the selector, tenants and mappings. Tenants and mappings are optional, and can also dynamically be added and removed from the unix socket.
Definition at line 4299 of file detect-engine.c.
References DetectLoadersInit(), DetectLoadersSync(), DetectLoaderThreadSpawn(), EngineModeIsIPS(), DetectEngineMasterCtx_::lock, DetectEngineMasterCtx_::multi_tenant_enabled, next, PathMerge(), SCConfGet(), SCConfGetBool(), SCConfGetNode(), SCConfNodeLookupChild(), SCConfYamlLoadFileWithPrefix(), SCLogConfig, SCLogDebug, SCLogError, SCLogNotice, SCLogWarning, SCMutexLock, SCMutexUnlock, StringParseUint32(), strlcpy(), TAILQ_FOREACH, DetectEngineMasterCtx_::tenant_selector, TENANT_SELECTOR_DIRECT, TENANT_SELECTOR_LIVEDEV, TENANT_SELECTOR_UNKNOWN, TENANT_SELECTOR_VLAN, TmModuleDetectLoaderRegister(), TmThreadContinueDetectLoaderThreads(), SCConfNode_::val, and VarNameStoreActivate().
Referenced by PostConfLoadedDetectSetup().
◆ DetectEngineMustParseMetadata()
| int DetectEngineMustParseMetadata | ( | void | ) |
Definition at line 4980 of file detect-engine.c.
Referenced by DetectMetadataHashInit().
◆ DetectEnginePktInspectionRun()
| bool DetectEnginePktInspectionRun | ( | ThreadVars * | tv, |
| DetectEngineThreadCtx * | det_ctx, | ||
| const Signature * | s, | ||
| Flow * | f, | ||
| Packet * | p, | ||
| uint8_t * | alert_flags | ||
| ) |
Definition at line 1812 of file detect-engine.c.
References DetectEnginePktInspectionEngine::Callback, DETECT_ENGINE_INSPECT_SIG_MATCH, Signature_::id, DetectEnginePktInspectionEngine::next, Signature_::pkt_inspect, SCEnter, SCLogDebug, and DetectEnginePktInspectionEngine::v1.
◆ DetectEnginePktInspectionSetup()
| int DetectEnginePktInspectionSetup | ( | Signature * | s | ) |
Definition at line 1860 of file detect-engine.c.
References DETECT_SM_LIST_MATCH, DETECT_SM_LIST_PMATCH, Signature_::id, Signature_::init_data, SignatureInitData_::init_flags, SCLogDebug, SIG_FLAG_INIT_STATE_MATCH, and Signature_::sm_arrays.
◆ DetectEnginePruneFreeList()
| void DetectEnginePruneFreeList | ( | void | ) |
Definition at line 4732 of file detect-engine.c.
References DetectEngineCtxFree(), DetectEngineMasterCtx_::free_list, DetectEngineMasterCtx_::lock, next, DetectEngineCtx_::next, DetectEngineCtx_::ref_cnt, SCLogDebug, SCMutexLock, and SCMutexUnlock.
Referenced by DetectEngineClearMaster(), DetectEngineMTApply(), and DetectEngineReload().
◆ DetectEngineReference()
| DetectEngineCtx * DetectEngineReference | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 3868 of file detect-engine.c.
References de_ctx, and DetectEngineCtx_::ref_cnt.
Referenced by DetectEngineThreadCtxInitForReload().
◆ DetectEngineRegisterTests()
| void DetectEngineRegisterTests | ( | void | ) |
Definition at line 5295 of file detect-engine.c.
References UtRegisterTest().
◆ DetectEngineReload()
| int DetectEngineReload | ( | const SCInstance * | suri | ) |
Reload the detection engine.
- Parameters
-
filename YAML file to load for the detect config
- Return values
-
-1 error 0 ok
Definition at line 4789 of file detect-engine.c.
References SCInstance_::additional_configs, SCInstance_::conf_filename, DatasetPostReloadCleanup(), DatasetReload(), DETECT_ENGINE_TYPE_DD_STUB, DETECT_ENGINE_TYPE_NORMAL, DetectEngineAddToMaster(), DetectEngineBumpVersion(), DetectEngineCtxFree(), DetectEngineCtxInitWithPrefix(), DetectEngineDeReference(), DetectEngineGetCurrent(), DetectEngineMoveToFreeList(), DetectEnginePruneFreeList(), DetectEngineCtx_::rate_filter_callback_arg, DetectEngineCtx_::RateFilterCallback, SCConfDump(), SCConfGetNode(), SCConfYamlHandleInclude(), SCConfYamlLoadFileWithPrefix(), SCLogConfig, SCLogDebug, SCLogError, SCLogNotice, SCInstance_::sig_file, SCInstance_::sig_file_exclusive, SigLoadSignatures(), DetectEngineCtx_::tenant_id, and DetectEngineCtx_::type.
Referenced by LLVMFuzzerTestOneInput(), and SuricataMainLoop().
◆ DetectEngineReloadIsIdle()
| int DetectEngineReloadIsIdle | ( | void | ) |
Definition at line 1930 of file detect-engine.c.
References IDLE, DetectEngineSyncer_::m, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
◆ DetectEngineReloadIsStart()
| int DetectEngineReloadIsStart | ( | void | ) |
Definition at line 1910 of file detect-engine.c.
References DetectEngineSyncer_::m, RELOAD, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
Referenced by SuricataMainLoop().
◆ DetectEngineReloadSetIdle()
| void DetectEngineReloadSetIdle | ( | void | ) |
Definition at line 1922 of file detect-engine.c.
References IDLE, DetectEngineSyncer_::m, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
Referenced by SuricataMainLoop().
◆ DetectEngineReloadStart()
| int DetectEngineReloadStart | ( | void | ) |
Definition at line 1896 of file detect-engine.c.
References IDLE, DetectEngineSyncer_::m, RELOAD, SCMutexLock, SCMutexUnlock, and DetectEngineSyncer_::state.
Referenced by SuricataMainLoop().
◆ DetectEngineReloadTenantBlocking()
| int DetectEngineReloadTenantBlocking | ( | uint32_t | tenant_id, |
| const char * | yaml, | ||
| int | reload_cnt | ||
| ) |
Reload a tenant and wait for loading to complete.
Definition at line 4150 of file detect-engine.c.
References DetectLoadersSync().
◆ DetectEngineReloadTenantsBlocking()
| int DetectEngineReloadTenantsBlocking | ( | const int | reload_cnt | ) |
Reload all tenants and wait for loading to complete.
Definition at line 4164 of file detect-engine.c.
References DetectLoadersSync().
◆ DetectEngineResetMaxSigId()
| void DetectEngineResetMaxSigId | ( | DetectEngineCtx * | de_ctx | ) |
Definition at line 3053 of file detect-engine.c.
References de_ctx, and DetectEngineCtx_::signum.
Referenced by SigCleanSignatures().
◆ DetectEngineSetParseMetadata()
| void DetectEngineSetParseMetadata | ( | void | ) |
Definition at line 4970 of file detect-engine.c.
◆ DetectEngineTenantRegisterLivedev()
| int DetectEngineTenantRegisterLivedev | ( | uint32_t | tenant_id, |
| int | device_id | ||
| ) |
Definition at line 4579 of file detect-engine.c.
References TENANT_SELECTOR_LIVEDEV.
◆ DetectEngineTenantRegisterPcapFile()
| int DetectEngineTenantRegisterPcapFile | ( | uint32_t | tenant_id | ) |
Definition at line 4595 of file detect-engine.c.
References SCLogInfo, and TENANT_SELECTOR_DIRECT.
◆ DetectEngineTenantRegisterVlanId()
| int DetectEngineTenantRegisterVlanId | ( | uint32_t | tenant_id, |
| uint16_t | vlan_id | ||
| ) |
Definition at line 4585 of file detect-engine.c.
References TENANT_SELECTOR_VLAN.
◆ DetectEngineTenantUnregisterPcapFile()
| int DetectEngineTenantUnregisterPcapFile | ( | uint32_t | tenant_id | ) |
Definition at line 4601 of file detect-engine.c.
References SCLogInfo, and TENANT_SELECTOR_DIRECT.
◆ DetectEngineTenantUnregisterVlanId()
| int DetectEngineTenantUnregisterVlanId | ( | uint32_t | tenant_id, |
| uint16_t | vlan_id | ||
| ) |
Definition at line 4590 of file detect-engine.c.
References TENANT_SELECTOR_VLAN.
◆ DetectEngineThreadCtxDeinit()
| TmEcode DetectEngineThreadCtxDeinit | ( | ThreadVars * | tv, |
| void * | data | ||
| ) |
Definition at line 3608 of file detect-engine.c.
References HashTableFree(), DetectEngineThreadCtx_::mt_det_ctxs_hash, SCLogWarning, and TM_ECODE_OK.
Referenced by DetectEngineThreadCtxInit(), LLVMFuzzerTestOneInput(), UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ DetectEngineThreadCtxGetJsonContext()
| int DetectEngineThreadCtxGetJsonContext | ( | DetectEngineThreadCtx * | det_ctx | ) |
Definition at line 5069 of file detect-engine.c.
References DetectEngineThreadCtx_::json_content, DetectEngineThreadCtx_::json_content_capacity, DetectEngineThreadCtx_::json_content_len, SCLogDebug, SCRealloc, SIG_JSON_CONTENT_ARRAY_LEN, and unlikely.
◆ DetectEngineThreadCtxInit()
| TmEcode DetectEngineThreadCtxInit | ( | ThreadVars * | tv, |
| void * | initdata, | ||
| void ** | data | ||
| ) |
initialize thread specific detection engine context
- Note
- there is a special case when using delayed detect. In this case the function is called twice per thread. The first time the rules are not yet loaded. de_ctx->delayed_detect_initialized will be 0. The 2nd time they will be loaded. de_ctx->delayed_detect_initialized will be 1. This is needed to do the per thread counter registration before the packet runtime starts. In delayed detect mode, the first call will return a NULL ptr through the data ptr.
- Parameters
-
tv ThreadVars for this thread initdata pointer to de_ctx data[out] pointer to store our thread detection ctx
- Return values
-
TM_ECODE_OK if all went well TM_ECODE_FAILED on serious errors
alert counter setup
Definition at line 3372 of file detect-engine.c.
References DetectEngineThreadCtx_::counter_alerts, DetectEngineThreadCtx_::counter_alerts_overflow, DetectEngineThreadCtx_::counter_alerts_suppressed, DetectEngineThreadCtx_::counter_fnonmpm_list, DetectEngineThreadCtx_::counter_match_list, DetectEngineThreadCtx_::counter_mpm_list, DetectEngineThreadCtx_::counter_nonmpm_list, DetectEngineThreadCtx_::de_ctx, DETECT_ENGINE_TYPE_NORMAL, DETECT_ENGINE_TYPE_TENANT, DetectEngineGetCurrent(), DetectEngineMultiTenantEnabled(), DetectEngineThreadCtxDeinit(), DetectEngineThreadCtx_::json_content, DetectEngineThreadCtx_::json_content_capacity, DetectEngineThreadCtx_::json_content_len, DetectEngineThreadCtx_::lua_blocked_function_errors, DetectEngineThreadCtx_::lua_instruction_limit_errors, DetectEngineThreadCtx_::lua_memory_limit_errors, DetectEngineThreadCtx_::lua_rule_errors, RunmodeIsUnittests(), SCCalloc, StatsRegisterAvgCounter(), StatsRegisterCounter(), TM_ECODE_FAILED, TM_ECODE_OK, DetectEngineThreadCtx_::tv, tv, DetectEngineCtx_::type, and unlikely.
Referenced by UTHMatchPackets(), UTHMatchPacketsWithResults(), UTHPacketMatchSig(), and UTHPacketMatchSigMpm().
◆ DetectEngineThreadCtxInitForReload()
| DetectEngineThreadCtx * DetectEngineThreadCtxInitForReload | ( | ThreadVars * | tv, |
| DetectEngineCtx * | new_de_ctx, | ||
| int | mt | ||
| ) |
alert counter setup
Definition at line 3455 of file detect-engine.c.
References DetectEngineThreadCtx_::counter_alerts, DetectEngineThreadCtx_::counter_alerts_overflow, DetectEngineThreadCtx_::counter_alerts_suppressed, DetectEngineThreadCtx_::counter_fnonmpm_list, DetectEngineThreadCtx_::counter_match_list, DetectEngineThreadCtx_::counter_mpm_list, DetectEngineThreadCtx_::counter_nonmpm_list, DetectEngineThreadCtx_::de_ctx, DETECT_ENGINE_TYPE_NORMAL, DETECT_ENGINE_TYPE_TENANT, DetectEngineDeReference(), DetectEngineMultiTenantEnabled(), DetectEngineReference(), SCCalloc, SCFree, StatsRegisterAvgCounter(), StatsRegisterCounter(), DetectEngineCtx_::tenant_id, DetectEngineThreadCtx_::tenant_id, TM_ECODE_OK, DetectEngineThreadCtx_::tv, tv, DetectEngineCtx_::type, and unlikely.
Referenced by LLVMFuzzerTestOneInput().
◆ DetectEngineUnsetParseMetadata()
| void DetectEngineUnsetParseMetadata | ( | void | ) |
Definition at line 4975 of file detect-engine.c.
◆ DetectGetMultiData()
| InspectionBuffer * DetectGetMultiData | ( | struct DetectEngineThreadCtx_ * | det_ctx, |
| const DetectEngineTransforms * | transforms, | ||
| Flow * | f, | ||
| const uint8_t | flow_flags, | ||
| void * | txv, | ||
| const int | list_id, | ||
| uint32_t | index, | ||
| InspectionMultiBufferGetDataPtr | GetBuf | ||
| ) |
Definition at line 2133 of file detect-engine.c.
References DETECT_CI_FLAGS_SINGLE, InspectionBuffer::flags, InspectionBuffer::initialized, InspectionBufferMultipleForListGet(), InspectionBufferSetupMulti(), and InspectionBufferSetupMultiEmpty().
Referenced by DetectEngineInspectMultiBufferGeneric().
◆ DetectGetSingleData()
| InspectionBuffer * DetectGetSingleData | ( | struct DetectEngineThreadCtx_ * | det_ctx, |
| const DetectEngineTransforms * | transforms, | ||
| Flow * | f, | ||
| const uint8_t | flow_flags, | ||
| void * | txv, | ||
| const int | list_id, | ||
| InspectionSingleBufferGetDataPtr | GetBuf | ||
| ) |
Definition at line 2116 of file detect-engine.c.
References InspectionBuffer::inspect, InspectionBufferGet(), and InspectionBufferSetupAndApplyTransforms().
Referenced by DetectEngineInspectBufferSingle().
◆ DetectMd5ValidateCallback()
| bool DetectMd5ValidateCallback | ( | const Signature * | s, |
| const char ** | sigerror, | ||
| const DetectBufferType * | map | ||
| ) |
Definition at line 5020 of file detect-engine.c.
References SignatureInitData_::buffer_index, SignatureInitData_::buffers, DetectContentData_::content, DetectContentData_::content_len, SigMatch_::ctx, DETECT_CONTENT, DETECT_CONTENT_NOCASE, DetectContentData_::flags, SignatureInitDataBuffer_::head, DetectBufferType_::id, SignatureInitDataBuffer_::id, Signature_::id, Signature_::init_data, DetectBufferType_::name, SigMatch_::next, SCLogError, SCLogWarning, and SigMatch_::type.
Referenced by DetectQuicCyuHashRegister(), DetectSshHasshRegister(), DetectSshHasshServerRegister(), DetectTlsJa3HashRegister(), and DetectTlsJa3SHashRegister().
◆ DetectPktInspectEngineRegister()
| void DetectPktInspectEngineRegister | ( | const char * | name, |
| InspectionBufferGetPktDataPtr | GetPktData, | ||
| InspectionBufferPktInspectFunc | Callback | ||
| ) |
register inspect engine at start up time
- Note
- errors are fatal
Definition at line 155 of file detect-engine.c.
References BUG_ON, DetectEnginePktInspectionEngine::Callback, DETECT_SM_LIST_MATCH, DetectBufferTypeGetByName(), DetectBufferTypeRegister(), FatalError, DetectEnginePktInspectionEngine::GetData, name, DetectEnginePktInspectionEngine::next, SCCalloc, SCLogError, DetectEnginePktInspectionEngine::sm_list, DetectEnginePktInspectionEngine::sm_list_base, unlikely, and DetectEnginePktInspectionEngine::v1.
Referenced by DetectIcmpv4HdrRegister(), DetectICMPv6hdrRegister(), DetectIPAddrBufferRegister(), DetectIpv4hdrRegister(), DetectIpv6hdrRegister(), DetectTcphdrRegister(), and DetectUdphdrRegister().
◆ DetectRegisterThreadCtxGlobalFuncs()
| int DetectRegisterThreadCtxGlobalFuncs | ( | const char * | name, |
| void *(*)(void *) | InitFunc, | ||
| void * | data, | ||
| void(*)(void *) | FreeFunc | ||
| ) |
Register Thread keyword context Funcs (Global)
IDs stay static over reloads and between tenants
- Parameters
-
name keyword name for error printing InitFunc function ptr FreeFunc function ptr
- Return values
-
id for retrieval of ctx at runtime -1 on error
Definition at line 3756 of file detect-engine.c.
References BUG_ON, DetectEngineThreadKeywordCtxItem_::data, DetectEngineThreadKeywordCtxItem_::FreeFunc, id, DetectEngineThreadKeywordCtxItem_::id, DetectEngineThreadKeywordCtxItem_::InitFunc, DetectEngineMasterCtx_::keyword_id, DetectEngineMasterCtx_::keyword_list, DetectEngineThreadKeywordCtxItem_::name, name, DetectEngineThreadKeywordCtxItem_::next, SCCalloc, and unlikely.
Referenced by DetectHttpHeaderNamesRegister(), DetectHttpHeaderRegister(), DetectHttpRequestHeaderRegister(), DetectHttpResponseHeaderRegister(), and DetectHttpStartRegister().
◆ DetectSigmatchListEnumToString()
| const char * DetectSigmatchListEnumToString | ( | enum DetectSigmatchListEnum | type | ) |
Definition at line 4985 of file detect-engine.c.
References DETECT_SM_LIST_BASE64_DATA, DETECT_SM_LIST_MATCH, DETECT_SM_LIST_MAX, DETECT_SM_LIST_PMATCH, DETECT_SM_LIST_POSTMATCH, DETECT_SM_LIST_SUPPRESS, DETECT_SM_LIST_THRESHOLD, DETECT_SM_LIST_TMATCH, and type.
◆ DetectTableToString()
| const char * DetectTableToString | ( | enum DetectTable | table | ) |
Definition at line 130 of file detect-engine.c.
References DETECT_TABLE_APP_FILTER, DETECT_TABLE_APP_TD, DETECT_TABLE_NOT_SET, DETECT_TABLE_PACKET_FILTER, DETECT_TABLE_PACKET_PRE_FLOW, DETECT_TABLE_PACKET_PRE_STREAM, and DETECT_TABLE_PACKET_TD.
◆ DetectThreadCtxGetGlobalKeywordThreadCtx()
| void * DetectThreadCtxGetGlobalKeywordThreadCtx | ( | DetectEngineThreadCtx * | det_ctx, |
| int | id | ||
| ) |
Retrieve thread local keyword ctx by id.
- Parameters
-
det_ctx detection engine thread ctx to retrieve the ctx from id id of the ctx returned by DetectRegisterThreadCtxInitFunc at keyword init.
- Return values
-
ctx or NULL on error
Definition at line 3800 of file detect-engine.c.
References DetectEngineThreadCtx_::global_keyword_ctxs_array, DetectEngineThreadCtx_::global_keyword_ctxs_size, and id.
Referenced by HttpHeaderGetBufferSpace().
◆ InjectPacketsForFlush()
| void InjectPacketsForFlush | ( | ThreadVars ** | detect_tvs, |
| int | no_of_detect_tvs | ||
| ) |
Definition at line 2247 of file detect-engine.c.
References PacketQueue_::cond_q, Packet_::flags, PacketQueue_::mutex_q, name, PacketEnqueue(), PacketGetFromAlloc(), PKT_PSEUDO_LOG_FLUSH, PKT_PSEUDO_STREAM_END, PKT_SET_SRC, PKT_SRC_DETECT_RELOAD_FLUSH, SCCondSignal, SCLogDebug, SCMutexLock, SCMutexUnlock, and ThreadVars_::stream_pq.
